Version: Deploy 22.3

Integrate Deploy with Digital.ai Platform Identity Service

Use the Digital.ai Identity Service to implement single sign-on (SSO) for your users—recommended for sites that have OIDC- or SAML-compliant IDPs.

First integrate your OIDC- or SAML-compliant IDP with the Digital.ai Identity Service, then integrate Digital.ai Deploy with the Digital.ai Identity Service.

  • To simplify the SSO configuration and customer onboarding processes, Digital.ai has introduced its own Digital.ai Identity Service that supports multiple protocols.
  • We recommend that you integrate Digital.ai Deploy with external IDPs via the Digital.ai Identity Service, as it supports multiple protocols, allows configuration changes with almost no downtime, and provides user-friendly workflows for common tasks.

For more information, see:

Step 1—Get Digital.ai Deploy URL

As a first step, you must have Digital.ai Deploy installed. Once it is installed, note the Deploy URL and keep it handy.

Step 2—Create Your Digital.ai Platform Account

You must contact the Digital.ai Support team to get this account created.

For more information, see Account Setup.

Step 3—Add Deploy as an OIDC Client in the Digital.ai Platform Identity Service

  1. Log in to the Digital.ai Platform.

  2. Go to Admin > Clients > Add OIDC Client

  3. Give the client a name (for example, deploy)

  4. Add a valid redirect URI under Valid Redirect URIs:

    <deploy url>/oidc-login
  5. Save the client.

For more information, see Add OIDC client.

Step 4—Set up a Local Admin User to Manage Your Digital.ai Platform Account

For more information, see Set up Local Users.

Step 5—Connect Digital.ai Platform to Your Identity Provider (OIDC or SAML)

Keep these handy:

For more information, see:

In case you use a different OIDC or SAML-compliant IDP, refer to these docs and follow the same process with tool-specific changes as required.

Step 6—Connect Digital.ai Deploy to the Digital.ai Platform

Note: Digital.ai Deploy has no direct support for SAML. However, you can integrate Deploy as an OIDC client with the Digital.ai Platform Identity Service and in turn connect the Digital.ai Platform Identity Service to your SAML-compliant IDP.

JVM Sites

Do this on the Digital.ai Deploy server to integrate Release as an OIDC client with the Digital.ai Identity Service.

  1. Install and enable the OIDC Authentication plugin, then set the Default configuration property to OIDC in the XL_DEPLOY_SERVER_HOME/centralConfiguration/deploy-server.yaml file.

  2. To configure the OIDC Authentication plugin, add the following YAML code snippet to the XL_DEPLOY_SERVER_HOME/centralConfiguration/deploy-oidc.yaml file.

    deploy.security:
      auth:
        providers:
          oidc:
            loginMethodDescription:
            clientId: "<Your client ID>"
            clientSecret: "<Your client secret>"
            issuer: "<Enter the Open ID Provider Issuer>" # for example "https://identity.staging.digital.ai/auth/realms/demoaccount"
            redirectUri: "<deploy url>/login/external-login"
            postLogoutRedirectUri: "<deploy url>/login/external-login"
            rolesClaimName: "realm_access.roles"
            userNameClaimName: preferred_username

    The above configuration automatically fetches the required configuration from the discovery endpoint.

    For more information, see Configure Digital.ai Deploy for OIDC Authentication.
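
A pre-flight check for the values placed in deploy-oidc.yaml, added here as an example and not part of the Digital.ai documentation or the OIDC plugin. It assumes the `oidc` block has already been parsed into a dict and the discovery document already fetched; the function names, `deploy.example.com`, the client secret and the metadata endpoints are constructed for illustration.

```python
from urllib.parse import urlsplit

def discovery_url(issuer):
    """OIDC Discovery 1.0: metadata is served at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_oidc_settings(oidc, deploy_url, metadata):
    """Return a list of problems found in the oidc block of deploy-oidc.yaml.

    oidc       -- dict holding the keys under deploy.security.auth.providers.oidc
    deploy_url -- the Deploy URL gathered in step 1
    metadata   -- the JSON document already fetched from discovery_url(issuer)
    """
    problems = []
    for key in ("clientId", "clientSecret", "issuer", "redirectUri"):
        value = oidc.get(key) or ""
        if not value or value.startswith("<"):
            problems.append(f"{key}: empty or still a template placeholder")
    issuer = oidc.get("issuer") or ""
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer: must use https")
    # OIDC Discovery requires the issuer in the metadata to equal the configured one exactly.
    if metadata.get("issuer") != issuer:
        problems.append("issuer: differs from the issuer in the discovery metadata")
    base = deploy_url.rstrip("/") + "/"
    for key in ("redirectUri", "postLogoutRedirectUri"):
        if not (oidc.get(key) or "").startswith(base):
            problems.append(f"{key}: not under the Deploy URL")
    for endpoint in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(endpoint, "")).scheme != "https":
            problems.append(f"{endpoint}: missing or not https in discovery metadata")
    return problems

# Constructed sample values (the issuer is the example from the YAML comment above).
ISSUER = "https://identity.staging.digital.ai/auth/realms/demoaccount"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
}
SAMPLE_OIDC = {
    "clientId": "deploy", "clientSecret": "constructed-secret", "issuer": ISSUER,
    "redirectUri": "https://deploy.example.com/login/external-login",
    "postLogoutRedirectUri": "https://deploy.example.com/login/external-login",
}

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_oidc_settings(SAMPLE_OIDC, "https://deploy.example.com", SAMPLE_METADATA))
```

An empty list means the settings are internally consistent; it does not confirm that the redirect URI is also registered on the client created in step 3.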

Kubernetes Sites

See Select the Type of OIDC Configuration.

Step 7—Log on to Deploy and Add the Admin User

Log on to Deploy and add the Local Admin User you created in step 4 earlier.

  1. Log on to Deploy as an Administrator.
  2. Create a role named Admin and add the Digital.ai Platform's admin user—created in step 4 earlier—to that role.
  3. Assign Admin permissions to this Admin role you created.

For more information, see Set up Roles and Permissions.

Your SSO setup is complete.